Crazy Android Bug Interprets Text Entries as System Commands

A strange yet somewhat shocking bug has been discovered in the G1 firmware RC29 and below. When I read about it I simply had to report on it. The bug interprets text entries as system commands which are then executed with superuser privileges! Crazy!

A bug report sent in to Google outlined the issue:

I was in the middle of a text conversation with my girl when she asked why I hadn’t responded. I had just rebooted my phone and the first thing I typed was a response to her text which simply stated “Reboot” – which, to my surprise, rebooted my phone.

Imagine the level of frustration after encountering this. You for whatever reason type ‘reboot’ into your device, and bam, your device actually reboots! I can picture my reaction to the event…it would probably be a stunned silence, followed by 2 or 3 more test ‘reboots’ to confirm the issue… Then the silence would turn to a few vulgarities and perhaps a few calls to some friends to rant about the issue.

To see for yourself if you’re vulnerable, from the home screen select Menu > Settings > About phone, and look for the Build number. If you see this: kila-user 1.0 TC4-RC29 115247 ota-rel-keys,release-keys, then you are vulnerable. Anything later than RC29 will be ‘fixed’.

Have RC29 or earlier and want to test it out? First, make sure you save anything you’re working on. Don’t want to lose anything here. Second, pop open the keyboard tray and ignore anything you see onscreen… Then type these 8 keystrokes: <return>-r-e-b-o-o-t-<return>. Your device should reboot if you’re running RC29 or earlier.

What a horrible bug! But don’t let this get you down, a new firmware update (RC30) is being rolled out to G1 owners to fix the issue… I hope!

Wow… That seems like a major error. Then again, being a programmer, I can see how debugging stuff gets left in…

Bright Shadow

Using RC29, I didn't notice this to be the case. Perhaps when someone specifically puts their phone in root mode, this could be an issue, but even for people who hack their phones they do not leave it on root.

When someone uses the root access on their phone, it may be an issue, but one typically would do this simply to change one thing, or install some linux software. I believe as soon as you restart your phone it would no longer be an issue. Basically this is pretty phony.